Bug fix to correct a memory leak in GnuPG SPA packet handling within
the gpg_decrypt() function. Here is the specific valgrind leak record
that enabled the bug to be found (note that the new valgrind
suppressions usage was critical for finding this bug among all other
libgpgme memory leaks):
==23983== 1,044 bytes in 1 blocks are definitely lost in loss record 7 of 8
==23983== at 0x4C2C494: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23983== by 0x4E41D3A: gpg_decrypt (fko_encryption.c:422)
==23983== by 0x4E42520: fko_decrypt_spa_data (fko_encryption.c:626)
==23983== by 0x1155B0: incoming_spa (incoming_spa.c:519)
==23983== by 0x1180A7: process_packet (process_packet.c:211)
==23983== by 0x506D857: ??? (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.4.0)
==23983== by 0x117865: pcap_capture (pcap_capture.c:270)
==23983== by 0x10F937: main (fwknopd.c:353)
Running the test suite with --enable-valgrind resulted in large numbers
of leaks detected in gpgme functions. This commit adds a valgrind
suppressions file to squash these errors (which are not fwknop's fault),
and also enables the valgrind --child-slient-after-fork option by
default. Both of these can disable in test suite execution with two
new options: --valgrind-disable-suppressions and
--valgrind-disable-child-silent.
- [server] When GnuPG is used, the default now is to require that
incoming SPA packets are signed by a key listed in GPG_REMOTE_ID for each
access.conf stanza. In other words, the usage of GPG_REQUIRE_SIG
is no longer necessary in order to authenticate SPA packets via the
GnuPG signature. Verification of GnuPG signatures can be disabled with a
new access.conf variable GPG_DISABLE_SIG, but this is NOT a
recommended configuration.
- [client+server] Add --gpg-exe command line argument and GPG_EXE
config variable to ~/.fwknoprc and the access.conf file so that the path
to GnuPG can be changed from the default /usr/bin/gpg path.
This commit implements more rigorous SPA packet field count validation
that takes into account expected field counts for each SPA message type.
Two new libfko error codes have been added in support of this, and the
corresponding changes made in the perl and python modules.
